Shadow devices put enterprise networks at risk

A new study finds that enterprise networks have thousands of shadow personal devices including laptops, tablets and mobile phones, as well as Internet of Things devices — such as digital assistants and smart kitchen appliances — connecting to them.

The report from network control company Infoblox shows 35 percent of companies in the US, UK and Germany reported more than 5,000 personal devices connecting to the network each day.

Employees in the US and UK admit to connecting to the enterprise network for a number of reasons, including to access social media (39 percent), as well as to download apps, games and films (24 percent, 13 percent and seven percent respectively). These practices open organizations up to social engineering hacks, phishing and malware injection.

The most common devices found on enterprise networks include: fitness trackers, such as FitBit or Gear Fit — 49 percent, digital assistants, such as Amazon Alexa and Google Home — 47 percent, smart TVs — 46 percent, smart kitchen devices, such as connected kettles or microwaves — 33 percent, and games consoles, such as Xbox or PlayStation — 30 percent.

To manage the security threat posed by shadow personal devices and IoT devices in the network, 82 percent of organizations have introduced a security policy for connected devices. However, IT directors appear misguided in their estimation for how effective these policies are. While 88 percent of the IT leaders that responded to the survey believe that their security policy is either effective or very effective, nearly a quarter of employees from the US and UK (24 percent) did not know if their organization had a security policy.

Of those that report that their organization did have a security policy for connected devices, 20 percent of UK respondents claim they either rarely, or never, follow it. Only one fifth of respondents in the US and UK report that they follow it by the book.

Gary Cox, technology director, Western Europe at Infoblox says:

Due to the poor security levels of many consumer and IoT devices, there is a very real threat posed by those operating under the radar of organizations’ traditional security policies. These devices present a weak entry point for cybercriminals into the network, and a serious security risk to the company.

Networks need to be a frontline defence; second only to having good end user education and appropriate security policies. Gaining full visibility into all connected devices, whether on premise or while roaming, as well as using intelligent DNS solutions to detect anomalous and potentially malicious communications to and from the network, can help security teams to detect and stop cybercriminals in their tracks.

The full report, What’s lurking on your network: Exposing the threat of shadow devices, including recommendations on how companies can protect their networks, is available on the Infoblox website.